long-task

The skill’s capabilities mostly match its stated purpose as a long-running project orchestrator, and there is no clear credential theft or exfiltration path. The main issue is proportionality: it normalizes sustained autonomous coding, command execution, merging, and continuation without per-action user approval, which makes it high risk operationally even though it does not appear malicious.